Hi,
Combofix Log
ComboFix 08-03-08.2 - Gary Fullick 2008-03-09 11:52:18.6 - NTFSx86
Running from: C:\Documents and Settings\Gary Fullick\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\HbTools\
C:\Program Files\Hotbar\
C:\Program Files\MyWebSearch\
.
((((((((((((((((((((((((( Files Created from 2008-02-09 to 2008-03-09 )))))))))))))))))))))))))))))))
.
2008-03-07 13:37 . 2008-03-07 13:37 <DIR> d-------- C:\Documents and Settings\Chris fullick\Application Data\Malwarebytes
2008-03-05 22:33 . 2008-03-05 22:33 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-03-05 22:33 . 2008-03-05 22:33 <DIR> d-------- C:\Documents and Settings\Gary Fullick\Application Data\Malwarebytes
2008-03-05 22:33 . 2008-03-05 22:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-03-04 22:52 . 2008-03-05 21:57 3,116 --a------ C:\WINDOWS\system32\tmp.reg
2008-03-04 22:43 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-03-04 22:43 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-03-04 22:43 . 2008-03-01 23:12 86,016 --a------ C:\WINDOWS\system32\VACFix.exe
2008-03-04 22:43 . 2008-02-29 23:48 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-03-04 22:43 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-03-04 22:43 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-03-04 22:43 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-03-04 18:21 . 2008-03-04 18:21 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-02 12:34 . 2008-03-09 11:46 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-02 12:34 . 2008-03-02 12:34 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-01 13:37 . 2008-03-01 13:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-03-01 13:36 . 2008-03-01 13:36 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-01 00:32 . 2008-03-01 00:32 <DIR> d-------- C:\Documents and Settings\Carol Fullick.TRACEMATE\Application Data\Lavasoft
2008-02-28 01:40 . 2008-02-28 01:40 <DIR> d-------- C:\Documents and Settings\Chris fullick\Application Data\SUPERAntiSpyware.com
2008-02-27 20:49 . 2008-03-01 13:36 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-02-27 20:49 . 2008-02-27 20:49 <DIR> d-------- C:\Documents and Settings\Gary Fullick\Application Data\SUPERAntiSpyware.com
2008-02-27 20:38 . 2008-03-01 16:37 <DIR> d-------- C:\Program Files\a-squared Free
2008-02-23 19:23 . 2008-03-01 20:19 <DIR> d-------- C:\Program Files\Macrogaming
2008-02-23 14:12 . 2008-02-23 17:35 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-23 14:12 . 2008-02-23 14:12 <DIR> d-------- C:\Documents and Settings\Gary Fullick\Application Data\VideoEgg
2008-02-20 21:49 . 2008-02-23 17:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-09 11:44 564,224 ----a-w C:\WINDOWS\Internet Logs\xDBBB.tmp
2008-03-09 11:44 1,530,368 ----a-w C:\WINDOWS\Internet Logs\xDBBC.tmp
2008-03-09 11:41 127,381,536 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-03-09 05:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7
2008-03-08 19:35 --------- d-----w C:\Program Files\MSN Messenger
2008-03-08 11:06 1,460,768 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-03-05 03:22 --------- d-----w C:\Documents and Settings\Chris fullick\Application Data\Azureus
2008-03-04 20:22 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-01 20:19 --------- d-----w C:\Program Files\TightVNC
2008-02-28 20:32 --------- d-----w C:\Documents and Settings\Chris fullick\Application Data\Nokia
2008-02-23 14:12 --------- d-----w C:\Program Files\SSC Service Utility
2008-02-19 13:11 1,661,952 ----a-w C:\WINDOWS\Internet Logs\xDBBA.tmp
2008-01-26 20:36 3 ----a-w C:\winptfd.dat
2008-01-23 14:26 --------- d-----w C:\Documents and Settings\Chris fullick\Application Data\cs
2008-01-21 19:25 --------- d-----w C:\Program Files\iTunes
2008-01-21 19:25 --------- d-----w C:\Program Files\iPod
2008-01-21 19:18 --------- d-----w C:\Program Files\Bonjour
2008-01-21 19:17 --------- d-----w C:\Program Files\QuickTime
2008-01-20 16:27 --------- d-----w C:\Program Files\Auction Sentry
2008-01-17 23:46 --------- d-----w C:\Program Files\PishTech
2008-01-04 01:52 1,110,016 ----a-w C:\WINDOWS\Internet Logs\xDBB9.tmp
2007-12-10 00:16 2,171,392 ----a-w C:\WINDOWS\Internet Logs\xDBB7.tmp
2007-12-10 00:16 1,346,048 ----a-w C:\WINDOWS\Internet Logs\xDBB8.tmp
2007-12-04 03:24 1,338,880 ----a-w C:\WINDOWS\Internet Logs\xDBB6.tmp
2007-11-18 15:36 2,626,560 ----a-w C:\WINDOWS\Internet Logs\xDBB4.tmp
2007-11-18 15:35 2,626,560 ----a-w C:\WINDOWS\Internet Logs\xDBB5.tmp
2007-11-09 17:43 2,616,320 ----a-w C:\WINDOWS\Internet Logs\xDBB3.tmp
2007-10-15 22:41 33,452,045 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2007-09-21 19:39 2,528,768 ----a-w C:\WINDOWS\Internet Logs\xDBB2.tmp
2007-09-03 18:59 2,464,768 ----a-w C:\WINDOWS\Internet Logs\xDBB1.tmp
2007-08-21 19:57 214,528 ----a-w C:\WINDOWS\Internet Logs\xDBB0.tmp
2007-08-20 11:07 2,417,664 ----a-w C:\WINDOWS\Internet Logs\xDBAF.tmp
2007-08-19 16:15 2,416,640 ----a-w C:\WINDOWS\Internet Logs\xDBFD.tmp
2007-08-17 16:37 2,419,200 ----a-w C:\WINDOWS\Internet Logs\xDBAE.tmp
2007-08-11 09:30 2,402,304 ----a-w C:\WINDOWS\Internet Logs\xDBAD.tmp
2007-08-05 20:21 2,400,256 ----a-w C:\WINDOWS\Internet Logs\xDBAC.tmp
2007-08-03 22:53 2,399,232 ----a-w C:\WINDOWS\Internet Logs\xDBAB.tmp
2007-07-31 15:11 2,391,040 ----a-w C:\WINDOWS\Internet Logs\xDBAA.tmp
2007-07-30 14:44 2,383,360 ----a-w C:\WINDOWS\Internet Logs\xDBA8.tmp
2007-07-12 21:04 2,357,248 ----a-w C:\WINDOWS\Internet Logs\xDBA7.tmp
2007-07-10 19:09 94,720 ----a-w C:\WINDOWS\Internet Logs\xDBA6.tmp
2007-06-29 23:17 1,083,904 ----a-w C:\WINDOWS\Internet Logs\xDBA5.tmp
2007-06-27 20:43 2,310,656 ----a-w C:\WINDOWS\Internet Logs\xDBA4.tmp
2007-06-10 00:13 2,285,568 ----a-w C:\WINDOWS\Internet Logs\xDBA3.tmp
2007-06-02 00:55 2,278,912 ----a-w C:\WINDOWS\Internet Logs\xDBA2.tmp
2007-04-04 22:44 1,920,000 ----a-w C:\WINDOWS\Internet Logs\xDBA1.tmp
2006-09-19 23:39 1,865,216 ----a-w C:\WINDOWS\Internet Logs\xDBA0.tmp
2006-09-09 09:10 2,811,392 ----a-w C:\WINDOWS\Internet Logs\xDB9E.tmp
2006-09-09 09:10 1,841,152 ----a-w C:\WINDOWS\Internet Logs\xDB9F.tmp
2006-08-27 08:49 1,824,256 ----a-w C:\WINDOWS\Internet Logs\xDBA9.tmp
2006-08-26 23:15 1,823,744 ----a-w C:\WINDOWS\Internet Logs\xDB9D.tmp
2006-08-20 21:04 1,842,176 ----a-w C:\WINDOWS\Internet Logs\xDB9C.tmp
2006-04-21 23:42 795,136 ----a-w C:\WINDOWS\Internet Logs\xDB9B.tmp
2006-04-11 10:53 2,648,064 ----a-w C:\WINDOWS\Internet Logs\xDB9A.tmp
2005-11-12 01:46 839,168 ----a-w C:\WINDOWS\Internet Logs\xDB99.tmp
2005-10-02 08:58 12,283,581 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2005_10_02_09_46_38.dmp.zip
2005-10-02 08:49 2,738,176 ----a-w C:\WINDOWS\Internet Logs\xDB94.tmp
2005-10-02 08:49 17,920 ----a-w C:\WINDOWS\Internet Logs\xDB96.tmp
2005-10-01 23:56 83,456 ----a-w C:\WINDOWS\Internet Logs\xDB95.tmp
2005-10-01 23:55 2,738,176 ----a-w C:\WINDOWS\Internet Logs\xDB93.tmp
2005-09-09 01:54 2,740,736 ----a-w C:\WINDOWS\Internet Logs\xDB97.tmp
2005-09-09 01:54 183,296 ----a-w C:\WINDOWS\Internet Logs\xDB98.tmp
2005-08-29 00:17 17,920 ----a-w C:\WINDOWS\Internet Logs\xDB92.tmp
2005-08-29 00:07 2,738,176 ----a-w C:\WINDOWS\Internet Logs\xDB91.tmp
2005-08-28 23:18 54,272 ----a-w C:\WINDOWS\Internet Logs\xDB90.tmp
2005-08-28 23:18 2,738,176 ----a-w C:\WINDOWS\Internet Logs\xDB8F.tmp
2005-08-26 13:59 424,960 ----a-w C:\WINDOWS\Internet Logs\xDB8E.tmp
2005-08-26 13:59 2,740,224 ----a-w C:\WINDOWS\Internet Logs\xDB8D.tmp
2005-08-05 16:38 2,746,880 ----a-w C:\WINDOWS\Internet Logs\xDB8B.tmp
2005-08-05 16:32 43,520 ----a-w C:\WINDOWS\Internet Logs\xDB8C.tmp
2005-08-03 01:58 249,344 ----a-w C:\WINDOWS\Internet Logs\xDB8A.tmp
2005-08-03 01:58 2,712,576 ----a-w C:\WINDOWS\Internet Logs\xDB89.tmp
2005-07-24 04:40 83,456 ----a-w C:\WINDOWS\Internet Logs\xDB88.tmp
2005-07-24 04:40 2,568,704 ----a-w C:\WINDOWS\Internet Logs\xDB86.tmp
2005-07-15 16:40 2,565,120 ----a-w C:\WINDOWS\Internet Logs\xDB85.tmp
2005-07-15 12:20 187,392 ----a-w C:\WINDOWS\Internet Logs\xDB87.tmp
2005-07-04 13:17 2,512,896 ----a-w C:\WINDOWS\Internet Logs\xDB82.tmp
2005-07-02 20:37 160,768 ----a-w C:\WINDOWS\Internet Logs\xDB81.tmp
2005-07-02 20:36 2,512,896 ----a-w C:\WINDOWS\Internet Logs\xDB80.tmp
2005-06-23 17:06 124,928 ----a-w C:\WINDOWS\Internet Logs\xDB7F.tmp
2005-06-23 16:54 2,493,952 ----a-w C:\WINDOWS\Internet Logs\xDB7E.tmp
2005-06-17 00:38 2,488,832 ----a-w C:\WINDOWS\Internet Logs\xDB7C.tmp
2005-06-17 00:38 175,616 ----a-w C:\WINDOWS\Internet Logs\xDB7D.tmp
2005-06-10 16:24 2,496,000 ----a-w C:\WINDOWS\Internet Logs\xDB79.tmp
2005-06-10 16:24 130,048 ----a-w C:\WINDOWS\Internet Logs\xDB7A.tmp
2005-06-04 13:25 2,496,000 ----a-w C:\WINDOWS\Internet Logs\xDB77.tmp
2005-06-04 13:25 162,816 ----a-w C:\WINDOWS\Internet Logs\xDB78.tmp
2005-06-01 19:19 2,488,832 ----a-w C:\WINDOWS\Internet Logs\xDB7B.tmp
2005-05-29 12:16 854,016 ----a-w C:\WINDOWS\Internet Logs\xDB76.tmp
2005-05-29 11:44 2,481,152 ----a-w C:\WINDOWS\Internet Logs\xDB75.tmp
2005-04-25 23:26 175,616 ----a-w C:\WINDOWS\Internet Logs\xDB74.tmp
2005-04-25 23:23 2,409,472 ----a-w C:\WINDOWS\Internet Logs\xDB73.tmp
2005-04-20 11:49 625,664 ----a-w C:\WINDOWS\Internet Logs\xDB72.tmp
2005-04-20 11:45 2,409,472 ----a-w C:\WINDOWS\Internet Logs\xDB71.tmp
2005-04-09 16:09 77,312 ----a-w C:\WINDOWS\Internet Logs\xDB70.tmp
2005-04-09 16:09 2,381,824 ----a-w C:\WINDOWS\Internet Logs\xDB6F.tmp
2005-04-08 14:51 6,866,815 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2005_04_08_15_47_14.dmp.zip
2005-04-08 14:46 25,088 ----a-w C:\WINDOWS\Internet Logs\xDB6D.tmp
2005-04-08 14:46 2,388,480 ----a-w C:\WINDOWS\Internet Logs\xDB6C.tmp
2005-04-08 13:09 23,552 ----a-w C:\WINDOWS\Internet Logs\xDB6B.tmp
.
((((((((((((((((((((((((((((( snapshot@2008-03-07_18.01.41.78 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-11-16 19:53:50 29,926 ----a-r C:\WINDOWS\Installer\{571700F0-DB9D-4B3A-B03D-35A14BB5939F}\MsblIco.Exe
+ 2008-03-08 19:35:43 29,926 ----a-r C:\WINDOWS\Installer\{571700F0-DB9D-4B3A-B03D-35A14BB5939F}\MsblIco.Exe
+ 2008-03-09 11:47:32 16,384 ----atw C:\WINDOWS\temp\Perflib_Perfdata_390.dat
- 2006-06-05 13:14:28 479,232 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcm80.dll
+ 2006-06-05 14:14:28 479,232 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcm80.dll
- 2006-06-05 13:14:28 548,864 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcp80.dll
+ 2006-06-05 14:14:28 548,864 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcp80.dll
- 2006-06-05 13:14:28 626,688 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcr80.dll
+ 2006-06-05 14:14:28 626,688 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcr80.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
2007-12-19 18:20 262144 --a------ C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= "C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL" [2007-12-19 18:20 262144]
[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [2007-12-19 18:20 262144]
[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-09-26 21:13 171448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Omnipage"="C:\Program Files\ScanSoft\OmniPageSE\opware32.exe" [2002-02-20 20:01 49152]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-10-06 14:16 5058560]
"nwiz"="nwiz.exe" [2003-10-06 14:16 741376 C:\WINDOWS\system32\nwiz.exe]
"iKeyWorks"="C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe" [2003-07-29 04:31 61440]
"ezShieldProtector for Px"="C:\WINDOWS\System32\ezSP_Px.exe" [2002-08-20 09:29 40960]
"OWS Setup CmdLine"="C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\40\bin\cfgwiz.exe" [2004-08-03 23:56 188480]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-21 07:24 579072]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-10 15:27 385024]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-03 23:56 110592 C:\WINDOWS\system32\bthprops.cpl]
"BTUSRBDG"="BtUsrBdg.exe" [2003-11-05 21:21 53248 C:\WINDOWS\system32\BtUsrBdg.exe]
"BTSETBOOTKEY"="BTSetBootKey.exe" [2003-04-15 09:48 36864 C:\WINDOWS\system32\BTSetBootKey.exe]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 16:05 919016]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-03 23:56 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-23 20:01 219136]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=interceptor.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ :\WINDOWS\syste
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
backup=C:\WINDOWS\pss\KODAK Software Updater.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Ulead Photo Express 3.0 SE Calendar Checker.lnk]
backup=C:\WINDOWS\pss\Ulead Photo Express 3.0 SE Calendar Checker.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Gary Fullick^Start Menu^Programs^Startup^Launch K9.lnk]
backup=C:\WINDOWS\pss\Launch K9.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2007-03-09 10:09 63712 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-01-15 03:22 267048 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 12:54 5674352 C:\Program Files\MSN Messenger\MsnMsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a------ 2006-04-26 07:29 237568 C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
--a------ 2006-04-11 16:52 1409024 C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
--------- 2008-01-28 11:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
--a------ 2008-02-21 14:19 1481968 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\KODAK\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
.
Contents of the 'Scheduled Tasks' folder
"2008-03-03 20:00:22 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-26 19:15:00 C:\WINDOWS\Tasks\EasyShare Registration Task.job"
- C:\WINDOWS\system32\rundll32.exelC:\DOCUME~1\ALLUSE~1\APPLIC~1\Kodak\EasyShareSetup\$REGIS~1\Registration_7.1.30.7.sxt _RegistrationOffer@16
"2008-03-03 22:14:19 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-03-09 03:30:00 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job"
- C:\Program Files\RegistrySmart\RegistrySmart.ex
- C:\Program Files\RegistrySmart
"2005-12-30 01:57:46 C:\WINDOWS\Tasks\XoftSpy.job"
- C:\Program Files\XoftSpy\XoftSpy.exe
"2008-03-09 11:45:44 C:\WINDOWS\Tasks\XoftSpySE 2.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
"2008-03-04 20:05:05 C:\WINDOWS\Tasks\XoftSpySE.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-09 12:02:42
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-03-09 12:09:30
ComboFix-quarantined-files.txt 2008-03-09 12:09:23
ComboFix2.txt 2008-03-09 11:42:07
ComboFix3.txt 2008-03-07 18:02:31
.
2008-02-14 03:19:34 --- E O F ---
Having trouble downloading the Kaspersky scanner; it has been going 20 minutes with no change.
This may be due to the ActiveX. I can run Flash Player in FF but it will not work in IE.
HJT LOG
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:32:22, on 09/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\BTSetBootKey.exe
C:\MSSQL7\binn\sqlservr.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Microsoft Office\Office\1033\msoffice.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\MSSQL7\binn\sqlagent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://www-cache.freeserve.com:8080;ftp=http://www-cache.freeserve.com:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhos;<local>;*.local
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [OWS Setup CmdLine] "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\40\bin\cfgwiz.exe" /pkg "Office 2000 Server Extensions"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [BTUSRBDG] BtUsrBdg.exe
O4 - HKLM\..\Run: [BTSETBOOTKEY] BTSetBootKey.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.com/
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/ka ... nicode.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex ... -0-3-9.cab
O16 - DPF: {65E8E2DC-186A-4AAC-9E56-FDC683055A9E} (CNetOnlineInstall Control) - http://www.download.com/html/dl/bug2116 ... nstall.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004 ... scan53.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promot ... r37380.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promot ... WebAAS.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bu ... eRdxIE.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/6c5 ... taller.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/ ... taller.exe
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EP ... -0-3-0.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Office Server Extensions Notification Service (OWSTimer) - Unknown owner - C:\Program Files\Microsoft Office\Office\OWSTIMER.EXE
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 10357 bytes
The computer is running OK online now, no extra web pages loading.
Cheers
Gary